Description
Electromagnetic injection (EMI) is a common and non-invasive technique used to perform fault attacks. In that case, an electromagnetic wave is radiated by an antenna in the close vicinity of the targeted microcontroller (STM32 in our case).
The clock signal is generated thanks to a Phase-Locked-Loop (PLL). The PLL is highly sensitive to EMI and then induces severe disruption on the clock signal just after the injection. It appears that these clock glitches are the cause of faults observed at the software level.
TRAITOR is a light and highly configurable platform which can reproduce, using FPGA, a clock signal with the same disruptions than obtained by EMI. The signal generated replaces the clock source of the STM32.
User can then perform several glitches at different time in order to fault a program at run-time and induce vulnerabilities. It can especially be applied to code with counter-measure to only one injection fault and then bypass this counter-measure. At the end, multiple fault injection could completely transform an innocent piece of code and make it malicious.
Infos pratiques
Prochains exposés
-
ML-Based Hardware Trojan Detection in AI Accelerators via Power Side-Channel Analysis
Orateur : Yehya NASSER - IMT Atlantique
Our work discusses the security risks associated with outsourcing AI accelerator design due to the threat of hardware Trojans (HTs), a problem traditional testing methods fail to address. We introduce a novel solution based on Power Side-Channel Analysis (PSCA), where we collect and preprocess power traces by segmenting them and extracting features from both time and frequency domains. This[…]-
SemSecuElec
-
Side-channel
-
Machine learning
-
Hardware trojan
-